configuring-oauth2-authorization-flow
Community: Harden OAuth2 flows with PKCE & best practices
System Documentation
What problem does it solve?
Misconfigured OAuth 2.0 deployments expose authorization codes, tokens, and client credentials to interception and misuse; this skill provides concrete configuration guidance and automated checks to eliminate common OAuth attack vectors and enforce modern best practices.
Core Features & Use Cases
- Flow Implementation: Guidance and validation for Authorization Code with PKCE, Client Credentials, and Device Authorization Grant deployments.
- Token Lifecycle & Security: Recommendations for secure token storage, refresh token rotation, revocation, DPoP/sender-constrained tokens, and scope design for least privilege.
- Automated Auditing: Scripts to fetch OIDC discovery metadata, verify endpoints, test token issuance, and produce human-readable audit reports for use during deployments, security assessments, and CI/CD security gates.
Quick Start
Provide your issuer URL and optional client credentials to run an automated OAuth endpoint discovery and security audit that checks PKCE support, token endpoint authentication, redirect URI policies, and revocation capabilities.
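The metadata portion of such an audit can be sketched offline. The following is an added example, not one of the skill's own scripts: it checks a discovery document (RFC 8414 / OIDC Discovery field names) for PKCE, client authentication, revocation and DPoP support. The sample document, the issuer `idp.example.test` and the finding identifiers are constructed for illustration; redirect URI policy is not visible in metadata and is not covered.

```python
import json

# Constructed sample discovery document (not from a real issuer).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.test",
  "authorization_endpoint": "https://idp.example.test/authorize",
  "token_endpoint": "http://idp.example.test/token",
  "response_types_supported": ["code", "token"],
  "grant_types_supported": ["authorization_code", "password"],
  "code_challenge_methods_supported": ["plain", "S256"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "none"]
}""")

# Client authentication methods that do not rely on a shared secret.
ASYMMETRIC_AUTH = {"private_key_jwt", "tls_client_auth", "self_signed_tls_client_auth"}

def audit_metadata(meta):
    """Return a sorted list of finding identifiers (hypothetical names)."""
    findings = set()
    # Every advertised endpoint should be reachable over HTTPS only.
    for key, value in meta.items():
        if key.endswith("_endpoint") and not str(value).startswith("https://"):
            findings.add(f"insecure-endpoint:{key}")
    # PKCE: S256 must be offered, and the "plain" method should not be.
    pkce = meta.get("code_challenge_methods_supported", [])
    if "S256" not in pkce:
        findings.add("pkce-s256-missing")
    if "plain" in pkce:
        findings.add("pkce-plain-allowed")
    # Implicit-style response types return tokens in the front channel.
    if any("token" in rt.split() for rt in meta.get("response_types_supported", [])):
        findings.add("implicit-response-type")
    # Resource owner password grant exposes user credentials to the client.
    if "password" in meta.get("grant_types_supported", []):
        findings.add("ropc-grant-enabled")
    # RFC 8414: the default when omitted is client_secret_basic.
    auth = set(meta.get("token_endpoint_auth_methods_supported", ["client_secret_basic"]))
    if not auth & ASYMMETRIC_AUTH:
        findings.add("no-asymmetric-client-auth")
    if "revocation_endpoint" not in meta:
        findings.add("revocation-endpoint-missing")
    # RFC 9449: servers supporting DPoP advertise their signing algorithms.
    if not meta.get("dpop_signing_alg_values_supported"):
        findings.add("dpop-not-advertised")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_metadata(SAMPLE_METADATA):
        print(finding)
```

In a CI/CD gate, a non-empty result would fail the job; which findings are blocking is a policy decision for the deployment.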
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: configuring-oauth2-authorization-flow Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#configuring-oauth2-authorization-flow Please download this .zip file, extract it, and install it in the .claude/skills/ directory.